2e5656c44e5911311b3f68eddbc1f50ae8f3193f6be05d308c3d146baca52997

Analysis

max time kernel
2942025s
max time network
21s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
25-11-2022 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e5656c44e5911311b3f68eddbc1f50ae8f3193f6be05d308c3d146baca52997.apk
Size

9.5MB
MD5

f414edfd28b02d6a80f7549476e441da
SHA1

af028d184599515b31c92fcc7ea87f19b6cee735
SHA256

2e5656c44e5911311b3f68eddbc1f50ae8f3193f6be05d308c3d146baca52997
SHA512

0566871e0b82902d885944ad1e93d5ae15415531433f77e1788c445e4013ff2254b1f98d80bae71e6949e45b6f3aaaf346b1b661b47bf43ddd0bfc9bda0026cc
SSDEEP

196608:WyrlwzhEmYpbfGJhdOxwtIonuhgFT+fL+qdcRj2R3hZn6zsHr8M1e:WyrlEWmYJGJh0wWRgFKL+qdcRj25Ear+

Score

7^/10

Malware Config

Signatures

Checks Android system properties for emulator presence. 5 IoCs

Processes:

com.huolea.bull

description	ioc	process
Accessed system property	key: ro.product.model	com.huolea.bull
Accessed system property	key: ro.product.name	com.huolea.bull
Accessed system property	key: ro.bootloader	com.huolea.bull
Accessed system property	key: ro.product.device	com.huolea.bull
Accessed system property	key: ro.hardware	com.huolea.bull

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.huolea.bull

ioc	pid	process
/data/user/0/com.huolea.bull/[email protected]	4715	com.huolea.bull
/data/user/0/com.huolea.bull/[email protected]!classes2.dex	4715	com.huolea.bull
/data/user/0/com.huolea.bull/[email protected]!classes3.dex	4715	com.huolea.bull

Reads information about phone network operator.

com.huolea.bull
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
PID:4715

chmod 755 /data/user/0/com.huolea.bull/.jiagu/libjiagu.so
2⤵
PID:4758

chmod 755 /data/user/0/com.huolea.bull/.jiagu/libjiagu_64.so
2⤵
PID:4788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.huolea.bull/.jiagu/.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.huolea.bull/.jiagu/.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex
Filesize
5.6MB

MD5
677c28a318b6c12b5f1b1b70fe9ca3e4

SHA1
58082e9f5f4bed79716ff5eed8adf38a7529ed0e

SHA256
c88aec4cf76c3f11342bb1cd34346d7d6c226094a033d48be1fb06bedde586bb

SHA512
d6e2c13becb0d6e9e322959af0401b3ac4f33ddc873ac9781926fb29fe5da2a1ad607b981e926e868e66215949552a7b56e6f358a3f99440a71d186ba4559e1d

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex!classes2.dex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.huolea.bull/.jiagu/classes.dex!classes3.dex
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/data/com.huolea.bull/files/.jglogs/.jg.ac
Filesize
32B

MD5
4ce5f537559be3322f162c22e866f7d2

SHA1
89318d4dd70ad6345f54b82d1ccb98f11ce8a742

SHA256
9916f2ee2611dc871850f2d98474f9614c6ec4cfc07e1a7b364d0b8af14899e1

SHA512
bdf28dc320c2633c8c7328459d60195e707a5dd05a0fa983479b8b066f546a95a7046e2dc6acca041e39d322e5020565f43a2c7a2760704c000d7ea640050947

Download Submit
/data/data/com.huolea.bull/files/.jglogs/.jg.di
Filesize
728B

MD5
3c305178ba34d51ee6e4c9f5cc82eaac

SHA1
2ebf0940bc65d030e2c451ba58ff6d9452294e10

SHA256
4211930a2e357bbfcaff7e06db711fda4b9ec83cf44cffdb0d6f378df1c2d7a5

SHA512
4363ed7573091819a0f1c1ef8f38bfe82111fa376eca1820ec579d08ea1d87505da4c35561498027ddeeb36f8acfbd06de73680b90a5e83ea9c74d7d3f870eec

Download Submit
/data/data/com.huolea.bull/files/.jglogs/.jg.ic
Filesize
32B

MD5
0e83b1efb5a404433d4b34a18c387a1c

SHA1
56f525c4e7e82b641deabe57f9afa407a46df108

SHA256
2e15b8a5616bf27b1ff52880a4935d1a03df9bcb916f126b7b614a3f47a5a49f

SHA512
1693423e0fe69ae3be8c1c5c32a80921cef007734c397cf28434363380350708ca9b6a87bac84eeaed2a8f441e4e104e64782a9513e09475c9ef91b8dd455e1b

Download Submit
/data/data/com.huolea.bull/files/.jglogs/.jg.ri
Filesize
2KB

MD5
596d2b6057236afc5af22a9aee7bafff

SHA1
d9cdd907484fbbf050ce97b9125ccb880e19f0c5

SHA256
668d52a6e87472be52516ba89be5ec85b2baf9854a834a85326abed521564023

SHA512
f68c4f3032f6395cbd819ff67ee30474f988adb8b473a0c62aa03cc412b0c5a238c31bb5b71b7a82d4365777cbcfa1b0f0bc7731903c6440628d9e000560020b

Download Submit
/data/data/com.huolea.bull/files/.jiagu.lock
Filesize
38B

MD5
dea2f659c2696d0590137aac16dd832a

SHA1
c6a02a51164adf3cfdec0e6aa862c2d7faca1204

SHA256
33e40d75fb9b2927f8f5b4bed3377edfdaa4a19559e8be0ea912a83874c7443b

SHA512
e810e560706e145d0655571b0d5f8d0723a4a8b62070241ab7fa0378dda977d3e26bf6975aa7120fc0a87d17e7189702babf19e54fe53a353e638c1b3fc12813

Download Submit
/data/data/com.huolea.bull/files/umSocialStateLog/1669389336308.log
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.huolea.bull/.jiagu/libjiagu.so
Filesize
363KB

MD5
f7f5e960db0c8a6f3b5b8d1a0427a042

SHA1
a8b623f9f87a6e785508befe07314da2fa903bfa

SHA256
17ac5b03f2a51ebdf2cce66314bc8e3e1547bfa0dde61357fcc07768aaaecb3c

SHA512
ec889d1d9428cdbac082d0b5ab81cf33ac417874a416daf27b02af3d207b1b02ed794fc0b3f0ea266c8edaf3bfeb8f3cef7c631af689405fa629fee948ae8cba

Download Submit
/data/user/0/com.huolea.bull/.jiagu/libjiagu_64.so
Filesize
349KB

MD5
0733255e286b6e6dbaba9cd897e6d6a9

SHA1
f7050b691709a83633b7d3cde1b91bd6fff1c2b0

SHA256
8ebf467743eb1ac1c31eee127d4d37e3109c23b856e7de94de04a11f8b9f6432

SHA512
c3349d02dbdb02e3c0bcf52a752df5f142866aedfedca01cfd52a37166b50acd5159488260ee8f43a7b59da1288dc50bbabb6845a67135c919de1083ef9d678f

Download Submit
/data/user/0/com.huolea.bull/[email protected]
Filesize
7.8MB

MD5
8dfc96daa9e75c7b19eb89e215b5c367

SHA1
13d241cfb5d6543425fde35d08775d9e7e927428

SHA256
e899df4598a551f90906d9cb2126091f3657e757c811c17a434d3840fb093306

SHA512
5c491d08936bb85b0bdf68b3ca4ef49b80bb0bcb4218db33a013bf07f0c3f26b4006cfa8d11fcefdb3c2f80059b83e70309cd96b025fa5b11e0c92bcfb1f0430

Download Submit
/data/user/0/com.huolea.bull/[email protected]!classes2.dex
Filesize
2.3MB

MD5
480e3acd15ec44b5b46f13dc67f608f7

SHA1
18d4c49f3d0cf5d3f66925b95ace58c5ad7431b0

SHA256
f1eaf618f0e9a315281b1f27a0666bac62e8cac60fcdf9c564b9b886d1da5f96

SHA512
afb95d9e96e4637f2faccdfd01e29e97d49e015a569b2ae7d31e10e184ba7410acb5bdc40d37fdc7444e6b5cdc728891d93a98a4fd136d83f6665e94eeca0138

Download Submit
/data/user/0/com.huolea.bull/[email protected]!classes3.dex
Filesize
63KB

MD5
152075c93ef5954234ee8dca12f820a7

SHA1
45d6e878e4d08eb1c84a055f7095e34c5d93d1f0

SHA256
3e3f30e10b34b1c4a3a25fa0bed28cfe2c1afd09474c267faf7ce6e4b27a6e0b

SHA512
2035a05c27f6001675b62a9b2423996b9d3face9317d6b8da719d315da33612e3fe369ce9606d094d6e35f3573c3e04c8b5a4606570e3155e59a385d8234ffa9

Download Submit
/data/user/0/com.huolea.bull/files/focusName/private_file_storage_config
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.huolea.bull/files/jpush_uncaughtexception_file
Filesize
1KB

MD5
e0cdc969ecd7121b0385c9ef67503b18

SHA1
d62837b6b4c4a58e39bf3b2af26c1237db7cbea4

SHA256
e80cd602035487b4331fdd7bad3a3206e7402d233dd109578c0e7fa8baf31c5f

SHA512
2a3e209cc31393e0099cc1ad98e5a8bb6d9d1278a1c4f84526860c17f88b02e9320d7478b020732056d82445bfd47a51d91502cc1adb9a9d86202bf526541aea

Download Submit
/data/user/0/com.huolea.bull/shared_prefs/cn.jpush.preferences.v2.xml
Filesize
116B

MD5
ba20339bd856cb1fa534f4af49af1fa3

SHA1
4765865a35206017a0a0edef8dec122ffe0da137

SHA256
9ce6218cae3eb1e90a5529a6ce0207512d8bf7e3fae11d48eb2a902c120ea742

SHA512
fce85e31a0ad787ca397df5f2ddbe07ff9b6e74344834ffa7416f0d8d9b6f1e4a86771edb79f0141b402957d70826eb794a3218bb5bd2f130aa42eedff864729

Download Submit
/data/user/0/com.huolea.bull/shared_prefs/dianrui_cache.xml
Filesize
138B

MD5
25cc4f11ecff7fb0e91b38c9df08d409

SHA1
b76b6aeb5e6c067d77a14d0543f9f01d084ac38d

SHA256
7243e659acf396b05d05de4a4f7f1974d3147194f49118c42bedf0e612465c31

SHA512
1eadbeea6ed70d2d89364ade00d204456daf2ade1506438d1c2a0c968453cbff06886c3522cee77f16b96d3c8094cb5a20a76457d2403846a418cb63c11214ca

Download Submit
/data/user/0/com.huolea.bull/shared_prefs/juwo_cache.xml
Filesize
138B

MD5
0a9c26e5ec008a2aeebee832ee73d217

SHA1
ad33b970d8cd2dd77c0fa4a6db279c6ff53d672b

SHA256
205330e80b451ad67c94f8539b0e0496a35bffad76ad9dbcc874356940ecea0b

SHA512
93edf19fc4af03c1420b87fa074a23d6409f123ebee86bc536f77343c1a7ed1dbc1c98a89dbb1166a16f01fe1b84717571bde275ae9d67e046711240a546a2be

Download Submit
/data/user/0/com.huolea.bull/shared_prefs/umeng_socialize.xml
Filesize
120B

MD5
a5a464d0b7d72984df791c494523cd2a

SHA1
168d6a31b98d9ad85fce4b43bc923549ad5008c2

SHA256
3382c1ceed6fe105f88669a12e841b48ec9a5219f98786bbfc182d83db5f0e85

SHA512
de1c2703f81a42a6affcf96932fcaa7c7d2dbcb3f8d070a906719205d831b907b46f2e21c268f0398ca3a7c144e9c09e781b7ce91cd5e28f0f36636b4032c52b

Download Submit
/sdcard/360/.deviceId
Filesize
48B

MD5
4c4c5285293d5141f582aefa4e038669

SHA1
e01852a72e5a8e6f7d63a21426b515118196047b

SHA256
36c5c63f39ddf7a6a9c01946e4f78b95790aa734176802e793e95724a1b5b731

SHA512
097aa673273e307f7bfb7c08861ad389d4b5f7fae55d972a5c1636aa66d0b8d23b5eb9b696cefe0e5b942f23969dabf0147397aeca85fb9a4d75e0473104e399

Download Submit
/sdcard/360/.iddata
Filesize
32B

MD5
361aac74a0bf2a025c5a4e68b70a2f65

SHA1
91a34c9b518e571e58ed166bb5f86e3f29815c28

SHA256
236b53bcebbbcdc7e3b52605d7689712619089446effcaa14f75287413beef3a

SHA512
c4565578d8f2c4a0757db649d4625fa838c67dfa20267eeef487a5f5ba4c9338df38f3d1c1c57e3c8d0d1c8ddb99afb062d031de1a09fb277fd8277f5a6e77ea

Download Submit
/sdcard/bull/crash/CrashLog_20221125161536_4715.log
Filesize
2KB

MD5
24d0aeee67750292c12b614ccd4e6921

SHA1
1a98b2142f579c595ee97cad75349b7c38c7b009

SHA256
ab7e0613ef946201b2ca4553bce5b6f36a34b6c25b59314d0cc7d42d3782c992

SHA512
67efc11e9505bc88373b01208a84abee394fb68c7139e7052b390a174fadf9b3d71a549ce3e447839146dd9f09cdd409a5884327f24415481724d1511cd332bc

Download Submit